Context Navigation

source: trunk/include/regfi.h @ 98

Last change on this file since 98 was 97, checked in by tim, 16 years ago
begun the work of rewriting the lowest layer parsing routines
Property svn:keywords set to `Id`
File size: 10.3 KB

Rev	Line
[30]	1	/*
	2	* Branched from Samba project, Subversion repository version #6903:
[84]	3	* http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/include/regfio.h?rev=6903&view=auto
[30]	4	*
	5	* Unix SMB/CIFS implementation.
	6	* Windows NT registry I/O library
	7	*
[81]	8	* Copyright (C) 2005-2007 Timothy D. Morgan
[30]	9	* Copyright (C) 2005 Gerald (Jerry) Carter
	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; version 2 of the License.
	14	*
	15	* This program is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	* GNU General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU General Public License
	21	* along with this program; if not, write to the Free Software
	22	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	23	*
	24	* $Id: regfi.h 97 2008-02-27 01:04:14Z tim $
	25	*/
	26
	27	/************************************************************
	28	* Most of this information was obtained from
	29	* http://www.wednesday.demon.co.uk/dosreg.html
	30	* Thanks Nigel!
	31	***********************************************************/
	32
[78]	33	#ifndef _REGFI_H
	34	#define _REGFI_H
[30]	35
[31]	36	#include <stdlib.h>
	37	#include <stdio.h>
[30]	38	#include <stdbool.h>
[31]	39	#include <string.h>
[30]	40	#include <errno.h>
[31]	41	#include <time.h>
[30]	42	#include <fcntl.h>
	43	#include <sys/stat.h>
	44	#include <sys/types.h>
	45	#include <unistd.h>
	46	#include <assert.h>
	47
	48	#include "smb_deps.h"
[78]	49	#include "void_stack.h"
[30]	50
	51	/******************************************************************************/
	52	/* Macros */
	53
[32]	54	/* Registry data types */
	55	#define REG_NONE 0
	56	#define REG_SZ 1
	57	#define REG_EXPAND_SZ 2
	58	#define REG_BINARY 3
	59	#define REG_DWORD 4
[54]	60	#define REG_DWORD_LE 4 /* DWORD, little endian */
	61	#define REG_DWORD_BE 5 /* DWORD, big endian */
[32]	62	#define REG_LINK 6
	63	#define REG_MULTI_SZ 7
	64	#define REG_RESOURCE_LIST 8
	65	#define REG_FULL_RESOURCE_DESCRIPTOR 9
	66	#define REG_RESOURCE_REQUIREMENTS_LIST 10
[72]	67	#define REG_QWORD 11 /* 64-bit little endian */
	68	/* XXX: Has MS defined a REG_QWORD_BE? */
[32]	69	/* Not a real type in the registry */
[81]	70	#define REG_KEY 0x7FFFFFFF
[32]	71
	72
[30]	73	#define REGF_BLOCKSIZE 0x1000
[97]	74	#define REGF_ALLOC_BLOCK 0x1000 /* Minimum allocation unit for hbins */
[78]	75	#define REGF_MAX_DEPTH 512
[30]	76
	77	/* header sizes for various records */
	78
[97]	79	#define REGF_MAGIC_SIZE 4
	80	#define HBIN_MAGIC_SIZE 4
	81	#define HBIN_HEADER_REC_SIZE 0x20
[30]	82	#define REC_HDR_SIZE 2
	83
	84	#define REGF_OFFSET_NONE 0xffffffff
	85
	86	/* Flags for the vk records */
	87
	88	#define VK_FLAG_NAME_PRESENT 0x0001
	89	#define VK_DATA_IN_OFFSET 0x80000000
[77]	90	#define VK_MAX_DATA_LENGTH 1024*1024
[30]	91
	92	/* NK record macros */
	93
	94	#define NK_TYPE_LINKKEY 0x0010
	95	#define NK_TYPE_NORMALKEY 0x0020
	96	#define NK_TYPE_ROOTKEY 0x002c
	97
[54]	98	#define HBIN_STORE_REF(x, y) { x->hbin = y; y->ref_count++ };
	99	/* if the count == 0; we can clean up */
	100	#define HBIN_REMOVE_REF(x, y){ x->hbin = NULL; y->ref_count-- };
[30]	101
	102
	103	/* HBIN block */
	104	struct regf_hbin;
[97]	105	typedef struct regf_hbin
	106	{
[53]	107	struct regf_hbin* prev;
	108	struct regf_hbin* next;
	109	uint32 file_off; /* my offset in the registry file */
[84]	110	uint32 ref_count; /* how many active records are pointing to this
[54]	111	* block (not used currently)
	112	*/
[84]	113
[53]	114	uint32 first_hbin_off; /* offset from first hbin block */
[97]	115	uint32 block_size; /* block size of this block
	116	* Should be a multiple of 4096 (0x1000)
[54]	117	*/
[97]	118	uint32 next_block; /* relative offset to next block. Should be
	119	* exactly the same as block_size. Stored just
	120	* in case this is found to be different in the
	121	* future.
	122	*/
	123
	124	uint8 magic[HBIN_MAGIC_SIZE]; /* "hbin" */
[54]	125	prs_struct ps; /* data */
[30]	126	} REGF_HBIN;
	127
[97]	128
	129	/* Hash List -- list of key offsets and hashed names for consistency */
	130	typedef struct
	131	{
[53]	132	uint32 nk_off;
[97]	133	uint8 keycheck[4];
[30]	134	} REGF_HASH_REC;
	135
[97]	136
	137	typedef struct
	138	{
[84]	139	REGF_HBIN* hbin; /* pointer to HBIN record (in memory) containing
[54]	140	* this nk record
	141	*/
[84]	142	REGF_HASH_REC* hashes;
[54]	143	uint32 hbin_off; /* offset from beginning of this hbin block */
	144	uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */
[53]	145
	146	uint8 header[REC_HDR_SIZE];
	147	uint16 num_keys;
[30]	148	} REGF_LF_REC;
	149
[97]	150
[30]	151	/* Key Value */
[97]	152	typedef struct
	153	{
[84]	154	REGF_HBIN* hbin; /* pointer to HBIN record (in memory) containing
[54]	155	* this nk record
	156	*/
[84]	157	char* valuename;
	158	uint8* data;
[53]	159	uint32 hbin_off; /* offset from beginning of this hbin block */
	160	uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */
[54]	161	uint32 rec_off; /* offset stored in the value list */
[53]	162
	163	uint32 data_size;
	164	uint32 data_off;
	165	uint32 type;
[84]	166	uint8 header[REC_HDR_SIZE];
[53]	167	uint16 flag;
[30]	168	} REGF_VK_REC;
	169
	170
	171	/* Key Security */
	172	struct _regf_sk_rec;
	173
[97]	174	typedef struct _regf_sk_rec
	175	{
[84]	176	struct _regf_sk_rec* next;
	177	struct _regf_sk_rec* prev;
	178	REGF_HBIN* hbin; /* pointer to HBIN record (in memory) containing
[54]	179	* this nk record
	180	*/
[84]	181	SEC_DESC* sec_desc;
[53]	182	uint32 hbin_off; /* offset from beginning of this hbin block */
	183	uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */
	184
[54]	185	uint32 sk_off; /* offset parsed from NK record used as a key
	186	* to lookup reference to this SK record
	187	*/
[53]	188
	189	uint32 prev_sk_off;
	190	uint32 next_sk_off;
	191	uint32 ref_count;
	192	uint32 size;
[84]	193	uint8 header[REC_HDR_SIZE];
[30]	194	} REGF_SK_REC;
	195
[81]	196
[30]	197	/* Key Name */
[97]	198	typedef struct
	199	{
[53]	200	uint32 hbin_off; /* offset from beginning of this hbin block */
	201	uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */
[84]	202	REGF_HBIN hbin; / pointer to HBIN record (in memory) containing
	203	* this nk record */
	204
	205	/* link in the other records here */
	206	REGF_VK_REC* values;
	207	REGF_SK_REC* sec_desc;
	208	REGF_LF_REC subkeys;
[53]	209
	210	/* header information */
[84]	211	/* XXX: should we be looking for types other than the root key type? */
	212	uint16 key_type;
[53]	213	uint8 header[REC_HDR_SIZE];
	214	NTTIME mtime;
[84]	215	char* classname;
	216	char* keyname;
[53]	217	uint32 parent_off; /* back pointer in registry hive */
	218	uint32 classname_off;
	219
	220	/* max lengths */
[54]	221	uint32 max_bytes_subkeyname; /* max subkey name * 2 */
	222	uint32 max_bytes_subkeyclassname; /* max subkey classname length (as if) */
	223	uint32 max_bytes_valuename; /* max valuename * 2 */
	224	uint32 max_bytes_value; /* max value data size */
[53]	225
	226	/* unknowns */
[54]	227	uint32 unk_index; /* nigel says run time index ? */
[53]	228
	229	/* children */
	230	uint32 num_subkeys;
	231	uint32 subkeys_off; /* hash records that point to NK records */
	232	uint32 num_values;
	233	uint32 values_off; /* value lists which point to VK records */
[97]	234	uint32 sk_off; /* offset to SK record */
[30]	235	} REGF_NK_REC;
	236
[81]	237
[97]	238
[30]	239	/* REGF block */
[97]	240	typedef struct
	241	{
[53]	242	/* run time information */
[54]	243	int fd; /* file descriptor */
[97]	244	/* For sanity checking (not part of the registry header) */
	245	uint32 file_length;
[84]	246	void* mem_ctx; /* memory context for run-time file access information */
	247	REGF_HBIN* block_list; /* list of open hbin blocks */
[53]	248
	249	/* file format information */
[84]	250	REGF_SK_REC* sec_desc_list; /* list of security descriptors referenced
	251	* by NK records
	252	*/
[53]	253
[97]	254	uint8 magic[REGF_MAGIC_SIZE];/* "regf" */
[84]	255	NTTIME mtime;
[54]	256	uint32 data_offset; /* offset to record in the first (or any?)
	257	* hbin block
	258	*/
[53]	259	uint32 last_block; /* offset to last hbin block in file */
[97]	260
	261	uint32 checksum; /* Stored checksum. */
	262	uint32 computed_checksum; /* Our own calculation of the checksum.
	263	* (XOR of bytes 0x0000 - 0x01FB)
	264	*/
[53]	265
[97]	266	/* unknown data structure values */
[53]	267	uint32 unknown1;
	268	uint32 unknown2;
	269	uint32 unknown3;
	270	uint32 unknown4;
	271	uint32 unknown5;
	272	uint32 unknown6;
[97]	273	uint32 unknown7;
[53]	274	} REGF_FILE;
[30]	275
	276
[97]	277
	278	typedef struct
	279	{
[78]	280	REGF_FILE* f;
[80]	281	void_stack* key_positions;
	282	REGF_NK_REC* cur_key;
[78]	283	uint32 cur_subkey;
	284	uint32 cur_value;
	285	} REGFI_ITERATOR;
	286
[80]	287
[97]	288	typedef struct
	289	{
[80]	290	REGF_NK_REC* nk;
	291	uint32 cur_subkey;
	292	/* We could store a cur_value here as well, but didn't see
	293	* the use in it right now.
	294	*/
	295	} REGFI_ITER_POSITION;
	296
	297
[54]	298	/******************************************************************************/
[30]	299	/* Function Declarations */
[54]	300
[84]	301	const char* regfi_type_val2str(unsigned int val);
	302	int regfi_type_str2val(const char* str);
[32]	303
[84]	304	char* regfi_get_sacl(SEC_DESC* sec_desc);
	305	char* regfi_get_dacl(SEC_DESC* sec_desc);
	306	char* regfi_get_owner(SEC_DESC* sec_desc);
	307	char* regfi_get_group(SEC_DESC* sec_desc);
[53]	308
[84]	309	REGF_FILE* regfi_open(const char* filename);
	310	int regfi_close(REGF_FILE* r);
[30]	311
[84]	312	REGFI_ITERATOR* regfi_iterator_new(REGF_FILE* fh);
	313	void regfi_iterator_free(REGFI_ITERATOR* i);
	314	bool regfi_iterator_down(REGFI_ITERATOR* i);
	315	bool regfi_iterator_up(REGFI_ITERATOR* i);
	316	bool regfi_iterator_to_root(REGFI_ITERATOR* i);
[30]	317
[84]	318	bool regfi_iterator_find_subkey(REGFI_ITERATOR* i,
	319	const char* subkey_name);
	320	bool regfi_iterator_walk_path(REGFI_ITERATOR* i,
	321	const char** path);
	322	const REGF_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i);
	323	const REGF_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i);
	324	const REGF_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
	325	const REGF_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i);
[80]	326
[84]	327	bool regfi_iterator_find_value(REGFI_ITERATOR* i,
	328	const char* value_name);
	329	const REGF_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i);
	330	const REGF_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i);
	331	const REGF_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i);
[80]	332
	333
[84]	334	/* Private Functions */
	335	REGF_NK_REC* regfi_rootkey(REGF_FILE* file);
	336	void regfi_key_free(REGF_NK_REC* nk);
[78]	337
[84]	338
[97]	339
	340	/****************/
	341	/* Experimental */
	342	/****************/
	343	typedef struct
	344	{
	345	uint32 offset;
	346	uint32 size;
	347	} REGFI_CELL_INFO;
	348
	349	typedef struct
	350	{
	351	uint32 count;
	352	REGFI_CELL_INFO** cells;
	353	} REGFI_CELL_LIST;
	354
	355
	356	REGF_FILE* regfi_parse_regf(int fd, bool strict);
	357	REGFI_CELL_LIST* regfi_get_unallocated_cells(REGF_FILE* file);
	358	REGF_HBIN* regfi_parse_hbin(REGF_FILE* file, uint32 offset,
	359	bool strict, bool save_unalloc);
	360	REGF_NK_REC* regfi_parse_nk(REGF_FILE* f, uint32);
	361	uint32 regfi_read(int fd, uint8* buf, uint32* length);
	362
[78]	363	#endif /* _REGFI_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: